CN110830237B - CPK key generation method, device, entity and key center based on time - Google Patents

CPK key generation method, device, entity and key center based on time Download PDF

Info

Publication number
CN110830237B
CN110830237B CN201911201979.8A CN201911201979A CN110830237B CN 110830237 B CN110830237 B CN 110830237B CN 201911201979 A CN201911201979 A CN 201911201979A CN 110830237 B CN110830237 B CN 110830237B
Authority
CN
China
Prior art keywords
entity
key
matrix
identifier
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911201979.8A
Other languages
Chinese (zh)
Other versions
CN110830237A (en
Inventor
南相浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jin Shang Bo Chuang Beijing Science&technology Co ltd
Original Assignee
Jin Shang Bo Chuang Beijing Science&technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jin Shang Bo Chuang Beijing Science&technology Co ltd filed Critical Jin Shang Bo Chuang Beijing Science&technology Co ltd
Priority to CN201911201979.8A priority Critical patent/CN110830237B/en
Publication of CN110830237A publication Critical patent/CN110830237A/en
Application granted granted Critical
Publication of CN110830237B publication Critical patent/CN110830237B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The embodiment of the invention provides a CPK (compact public key) key generation method, a CPK key generation device, a CPK key generation entity and a CPK key center based on time, belongs to the technical field of information security, and solves the problem that quantum exhaustion cannot be avoided by a CPK system in the prior art. The method comprises the following steps: receiving a key application message of an entity; taking the current network time as a first network time, and carrying out hash transformation on the first network time and the entity identifier by utilizing a hash key to obtain an identifier mapping sequence; generating rules according to the identification mapping sequence and preset layering parameters to obtain layering parameters; obtaining a matrix private key according to the identification mapping sequence, the combined private key matrix and a preset matrix key generation rule; and obtaining a combined private key of the first network moment corresponding to the entity identifier according to the matrix private key, the layering parameters and the current annual private key, and sending the combined private key to the entity so that the entity discards the combined private key after digitally signing by using the combined private key. The embodiment of the invention is suitable for the private key application process.

Description

CPK key generation method, device, entity and key center based on time
Technical Field
The invention relates to the technical field of information security, in particular to a CPK (compact public key) key generation method, device, entity and key center based on time.
Background
CPK (Combined Public Key ) is the first international identity-based public key system with digital signature and key encryption functions. CPK is simple in programming, extremely large in combination amount and extremely high in operation speed, but in the face of gradually developing and mature quantum computing, the possibility of preventing quantum exhaustion is inevitably faced.
Disclosure of Invention
The embodiment of the invention aims to provide a CPK key generation method, a device, an entity and a key center based on time, which solve the problem that the CPK system in the prior art cannot avoid quantum exhaustion, obtain a combined private key corresponding to an entity identifier at the current network time through the current annual private key, a matrix private key corresponding to the entity identifier and layering parameters, realize a multi-layer composite private key structure, prevent quantum exhaustion attack, generate only one combined private key at one network time aiming at the entity identifier, and discard the combined private key after the use, so that the quantum exhaustion is meaningless.
In order to achieve the above object, an embodiment of the present invention provides a CPK key generation method based on time, which is applied to a key center, and includes: receiving a key application message of an entity, wherein the key application message comprises the entity identifier and an application serial number; taking the current network time as a first network time, carrying out hash transformation on the first network time and the entity identifier by utilizing a hash key to obtain an identifier mapping sequence corresponding to the entity identifier, and publishing the hash key; obtaining layering parameters corresponding to the entity identifiers according to the identifier mapping sequence and a preset layering parameter generation rule; defining a combined private key matrix and a combined public key matrix, obtaining a matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule, and publishing the combined public key matrix; defining a current annual private key and a current annual public key, obtaining a combined private key of the first network moment corresponding to the entity identifier according to the matrix private key, the layering parameters and the current annual private key, sending the first network moment, the entity identifier, the application serial number and the combined private key to the entity and publishing the current annual public key, so that the entity discards the combined private key after performing digital signature by using the combined private key.
Further, the hash conversion of the first network time and the entity identifier by using the hash key to obtain an identifier mapping sequence corresponding to the entity identifier includes: according to Map Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Wherein Bob is the entity identifier, time1 is the first network time, the precision is microsecond, and Hkey is the hash key.
Further, the generating is performed according to the identification mapping sequence and a preset layering parameterThe rule, the layering parameter corresponding to the entity identifier is obtained comprises: according to Hash Hkey (v 33 ,…,v 40 )mod 2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob Wherein v is 33 ,…,v 40 Belonging to an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40
Further, the combined private key matrix and the combined public key matrix are respectively composed of 32 pages of submatrices, and the submatrices of each page are 256×32 in size.
Further, the obtaining the matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule includes: extracting v in the identification mapping sequence from the combined private key matrix according to the identification mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices; mapping v in the identification mapping sequence 1 ,…,v 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure BDA0002296106680000021
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Further, the obtaining, according to the matrix private key, the layering parameter, and the current year private key, the combined private key of the first network time corresponding to the entity identifier includes: according to cpk Bob =(cmb Bob *fcc Bob + year) mod n to obtain a combined private key cpk of the first network time corresponding to the entity identifier Bob Wherein, cmb Bob Fcc is the matrix private key Bob For the hierarchical parameters, year is the current year private key.
Further, the key application message further includes an entity-defined symmetric key, and the sending the first network time, the entity identifier, the application serial number, and the combined private key to the entity includes: and encrypting the data packet consisting of the first network moment, the entity identifier, the application serial number and the combined private key by using the symmetric key, and sending the encrypted data packet to the entity.
Correspondingly, the embodiment of the invention also provides a CPK key generation method based on time, which is applied to the entity and comprises the following steps: when digital signature is to be executed, a key application message is sent to a key center, wherein the key application message comprises the entity identifier and an application serial number; receiving a first network time, an entity identifier, an application serial number and a combined private key of the first network time corresponding to the entity identifier, which are sent by the key center, wherein the combined private key is associated with a current annual private key, a matrix private key corresponding to the entity identifier and a layering parameter; and discarding the combined private key after carrying out digital signature by using the combined private key.
Further, the key application message further includes an entity-defined symmetric key, and the receiving the combined private key of the first network time, the entity identifier, the application serial number and the first network time corresponding to the entity identifier sent by the key center includes: and receiving the encrypted data packet, and decrypting the data packet by using the symmetric key to obtain a combined private key of a first network time, an entity identifier, an application serial number and the first network time corresponding to the entity identifier in the data packet.
Further, the method further comprises: acquiring a hash key, a combined public key matrix and a current year public key which are published by the key center; when a digital signature data packet of another entity is received, extracting an entity identifier of the other entity and a second network time from the data packet; performing hash transformation on the second network time and the entity identifier of the other entity by using the hash key to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity; obtaining layering parameters corresponding to the entity identification of the other entity according to the identification mapping sequence and a preset layering parameter generation rule; obtaining a matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix and a preset matrix key generation rule; obtaining a combined public key of the second network moment corresponding to the entity identifier of the other entity according to the matrix public key, the layering parameters and the current year public key; and extracting the digital signature in the digital signature data packet, and verifying the digital signature by using the combined public key of the second network moment corresponding to the entity identification of the other entity.
Further, the hash conversion of the second network time and the entity identifier of the other entity by using the hash key to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity includes: according to Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the other entity 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is an entity identifier of the other entity, time2 is a second network time, the precision of which is microsecond, and Hkey is the hash key.
Further, the generating a rule according to the identifier mapping sequence and a preset layering parameter to obtain a layering parameter corresponding to the entity identifier of the other entity includes: according to Hash Hkey (w 33 ,…,w 40 )mod 2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the other entity Alice Wherein w is 33 ,…,w 40 An identification mapping sequence w corresponding to the entity identification belonging to the other entity 0 ,w 1 ,w 2 ,…,w 40
Further, the obtaining the matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix and a preset matrix key generation rule includes: according to the identification mapping sequence and a preset matrix key generation rule, combining the identification mapping sequence with the preset matrix key generation ruleExtracting w in the identification mapping sequence from a public key matrix 0 The submatrices of the indicated pages as generator matrices; mapping w in the identification mapping sequence 1 ,…,w 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure BDA0002296106680000041
Obtaining a matrix public key CMB corresponding to the entity identification of the other entity Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Further, the obtaining, according to the matrix public key, the layering parameter, and the current year public key, the combined public key of the second network time corresponding to the entity identifier of the other entity includes: according to CPK Alice =CMB Alice *fcc Alice + YEAR, obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the other entity Alice Wherein the CMB Alice Identifying a corresponding matrix public key, fcc, for an entity of the other entity Alice And identifying a corresponding layering parameter for the entity of the other entity, wherein YEAR is the current YEAR public key.
Correspondingly, the embodiment of the invention also provides a CPK key generation device based on time, which is applied to a key center and comprises the following steps: the receiving unit is used for receiving a key application message of an entity, wherein the key application message comprises the entity identifier and an application serial number; the first processing unit is used for taking the current network time as a first network time, and carrying out hash transformation on the first network time and the entity identifier by utilizing a hash key to obtain an identifier mapping sequence corresponding to the entity identifier; the second processing unit is used for generating rules according to the identifier mapping sequence and preset layering parameters to obtain layering parameters corresponding to the entity identifiers; the third processing unit is used for defining a combined private key matrix and a combined public key matrix, and obtaining a matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule; the fourth processing unit is used for defining a current annual private key and a current annual public key, and obtaining a combined private key of the first network moment corresponding to the entity identifier according to the matrix private key, the layering parameters and the current annual private key; the sending unit is used for sending the first network moment, the entity identifier, the application serial number and the combined private key to the entity so that the entity can discard the combined private key after carrying out digital signature by using the combined private key; and the publishing unit is used for publishing the hash key, the combined public key matrix and the current year public key.
Further, the first processing unit is further configured to, according to Map Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Wherein Bob is the entity identifier, time1 is the first network time, the precision is microsecond, and Hkey is the hash key.
Further, the second processing unit is further configured to perform a Hash processing according to the Hash Hkey (v 33 ,…,v 40 )mod2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob Wherein v is 33 ,…,v 40 Belonging to an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40
Further, the combined private key matrix and the combined public key matrix are respectively composed of 32 pages of submatrices, and the submatrices of each page are 256×32 in size.
Further, the third processing unit is further configured to extract v in the identifier mapping sequence from the combined private key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices; mapping v in the identification mapping sequence 1 ,…,v 32 As the specified row coordinates in the generator matrix, natural order asExtracting the appointed row coordinates and the variables in the appointed column coordinates in the generating matrix; according to
Figure BDA0002296106680000061
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Further, the fourth processing unit is further configured to perform a processing according to cpk Bob =(cmb Bob *fcc Bob + year) mod n to obtain a combined private key cpk of the first network time corresponding to the entity identifier Bob Wherein, cmb Bob Fcc is the matrix private key Bob For the hierarchical parameters, year is the current year private key.
Further, the key application message further includes an entity-defined symmetric key, and the sending unit is further configured to encrypt a data packet formed by the first network time, the entity identifier, the application serial number, and the combined private key by using the symmetric key, and send the encrypted data packet to the entity.
Correspondingly, the embodiment of the invention also provides a CPK key generation device based on time, which is applied to the entity and comprises the following steps: a sending unit, configured to send a key application message to a key center when a digital signature is to be executed, where the key application message includes the entity identifier and an application serial number; the receiving unit is used for receiving a combined private key of the first network time, the entity identifier, the application serial number and the first network time corresponding to the entity identifier, which are sent by the key center, wherein the combined private key is associated with the current annual private key, the matrix private key corresponding to the entity identifier and the layering parameter; and the signature processing unit is used for discarding the combined private key after carrying out digital signature by utilizing the combined private key.
Further, the key application message further includes an entity-defined symmetric key, and the receiving unit is further configured to receive the encrypted data packet, decrypt the data packet using the symmetric key, and obtain a combined private key of a first network time, an entity identifier, an application serial number, and the first network time corresponding to the entity identifier in the data packet.
Further, the apparatus further comprises: the acquisition unit is used for acquiring the hash key, the combined public key matrix and the current year public key published by the key center; the receiving unit is also used for receiving a digital signature data packet sent by another entity; an extracting unit, configured to extract an entity identifier of the other entity and a second network time from the data packet; the hash conversion unit is used for carrying out hash conversion on the second network time and the entity identifier of the other entity by utilizing the hash key to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity; the first generation unit is used for obtaining layering parameters corresponding to the entity identifier of the other entity according to the identifier mapping sequence and a preset layering parameter generation rule; the second generating unit is used for obtaining a matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix and a preset matrix key generating rule; a third generating unit, configured to obtain, according to the matrix public key, the layering parameter, and the current year public key, a combined public key of the second network time corresponding to the entity identifier of the other entity; and the verification unit is used for extracting the digital signature in the digital signature data packet and verifying the digital signature by utilizing the combined public key of the second network moment corresponding to the entity identifier of the other entity.
Further, the hash transformation unit is further configured to perform a hash transformation according to Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the other entity 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is an entity identifier of the other entity, time2 is a second network time, the precision of which is microsecond, and Hkey is the hash key.
Further, the first generating unit is further configured to perform a Hash algorithm Hkey (w 33 ,…,w 40 )mod2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the other entity Alice Wherein w is 33 ,…,w 40 An identification mapping sequence w corresponding to the entity identification belonging to the other entity 0 ,w 1 ,w 2 ,…,w 40
Further, the second generating unit is further configured to extract w in the identifier mapping sequence from the combined public key matrix according to the identifier mapping sequence and a preset matrix key generating rule 0 The submatrices of the indicated pages as generator matrices; mapping w in the identification mapping sequence 1 ,…,w 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure BDA0002296106680000081
Obtaining a matrix public key CMB corresponding to the entity identification of the other entity Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Further, the third generating unit is further configured to generate, according to the CPK Alice =CMB Alice *fcc Alice + YEAR, obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the other entity Alice Wherein the CMB Alice Identifying a corresponding matrix public key, fcc, for an entity of the other entity Alice And identifying a corresponding layering parameter for the entity of the other entity, wherein YEAR is the current YEAR public key.
Correspondingly, the embodiment of the invention also provides a key center which is used for executing the CPK key generation method based on time, which is applied to the key center.
Correspondingly, the embodiment of the invention also provides an entity for executing the CPK key generation method based on the time, which is applied to the entity.
According to the technical scheme, the combined private key of the current network moment corresponding to the entity identifier is obtained by using the current annual private key, the matrix private key corresponding to the entity identifier and the layering parameter, the problem that quantum exhaustion cannot be avoided by the CPK system in the prior art is solved, a multi-layer composite private key structure is realized, quantum exhaustion attack is prevented, only one combined private key is generated at one network moment aiming at the entity identifier, and the combined private key is discarded after being used up, so that quantum exhaustion is meaningless.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain, without limitation, the embodiments of the invention. In the drawings:
fig. 1 is a schematic flow chart of a CPK key generation method based on time according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of another CPK key generation method based on time according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of another CPK key generation method based on time according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a CPK key generating apparatus based on time according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another CPK key generating apparatus based on time according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of still another CPK key generating apparatus based on time according to an embodiment of the present invention.
Detailed Description
The following describes the detailed implementation of the embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
Although the CPK system in the prior art has simple programming, extremely large combination amount and extremely high operation speed, with the advent of quantum computers, "death" of all public key systems is announced, and thus a new system resisting quantum exhaustion has to be studied. In order to prevent quantum exhaustion, the key in the embodiment of the invention changes along with the change of time, so that the quantum exhaustion can not keep pace with the change of the key, and the private key is discarded after being used once, so that the quantum exhaustion is meaningless. Embodiments of the present invention will be described in detail below.
Fig. 1 is a schematic flow chart of a CPK key generation method based on time according to an embodiment of the present invention. As shown in fig. 1, the method is applied to a key center, and comprises the following steps:
step 101, receiving a key application message of an entity, wherein the key application message comprises an entity identifier and an application serial number;
102, taking the current network time as a first network time, carrying out hash transformation on the first network time and the entity identifier by utilizing a hash key to obtain an identifier mapping sequence corresponding to the entity identifier, and publishing the hash key;
Step 103, generating rules according to the identifier mapping sequence and preset layering parameters to obtain layering parameters corresponding to the entity identifiers;
step 104, defining a combined private key matrix and a combined public key matrix, obtaining a matrix private key corresponding to the entity identifier and publishing the combined public key matrix according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule;
step 105, defining a current annual private key and a current annual public key, obtaining a combined private key of the first network moment corresponding to the entity identifier according to the matrix private key, the layering parameter and the current annual private key, sending the first network moment, the entity identifier, the application serial number and the combined private key to the entity and publishing the current annual public key, so that the entity discards the combined private key after digitally signing by using the combined private key.
Wherein, the embodiment of the invention is based on an elliptic curve Ey 2 =x 3 +ax+b (p), where the curve parameter t= (a, b, G, p, n), where G is the base point and n is the order of the base point G. The key center defines a hash key, a combined private key matrix, a combined public key matrix, a current year private key and a current year public key in advance. Wherein the hash key is represented by Hkey, and the combined private key matrix and the combined public key matrix are respectively represented by r i,j And R is i,j And (3) representing. Where R is a random integer less than n, R is r×g, and G is an elliptic curve generator (base point). In addition, the combined private key matrix and the combined public key matrix are respectively composed of 32 pages of submatrices, and the submatrices of each page are 256 x 32 in size. The combined public key matrix and the current annual public key are kept by each entity after being published by the key center, and the combined private key matrix and the current annual private key are kept by the key center. The entity may be a terminal, a sensor, a telephone number, an account number, etc.
The application serial number is used for distinguishing the combined private key applied by each entity, and the entity applies for the combined private key from the key center when the entity needs digital signature, and the application serial number is used for proving the authenticity of the application when the entity applies for the combined private key from the key center.
Taking entity Bob applying for the combined private key as an example, in step 102, the combined private key is obtained according to Map Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Where Bob identifies the entity, time1 is the first network time, including year, month, day, and microsecond (parts per million second), i.e., with an accuracy on the order of microseconds. The first network time is the network time for generating the identifier mapping sequence, that is, each time the entity applies for the combined private key, there is a unique correspondence between the first network time and the first network time. The network time corresponding to the combined private key of different entities is different, and the network time corresponding to the combined private key applied by the same entity is also different.
For getTo an identification mapping sequence v 0 ,v 1 ,v 2 ,…,v 40 Generating rules according to preset layering parameters, and mapping v in a sequence by identification 33 ,…,v 40 Generating the hierarchical parameters via a hash transformation, wherein v 33 ,…,v 40 Is 8 bits long. According to a preset matrix key generation rule, mapping v in the sequence by the identifier 0 Pages indicating a combined private key matrix to be subsequently used in generating matrix private keys, i.e. v 0 The submatrices of the indicated pages generate a generator matrix of a generator matrix private key, where v 0 Is 8 bits long. Mapping v in sequence by identity 1 ,…,v 32 As the specified row coordinates in the generator matrix, a natural order is used as the specified column coordinates in the generator matrix, so that the variables in the specified row coordinates and the specified column coordinates in the generator matrix can be extracted, and a matrix private key is generated by the variables, wherein v 1 ,…,v 32 Is 8 bits long.
Then, in step 103, according to Hash Hkey (v 33 ,…,v 40 )mod 2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob Wherein v is 33 ,…,v 40 Belonging to an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40
In step 104, v in the identifier mapping sequence is extracted from the combined private key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrix of the indicated page is used as a generator matrix, and v in the identification mapping sequence is then used as a generator matrix 1 ,…,v 32 And as the specified row coordinates in the generation matrix, the natural sequence is used as the specified column coordinates in the generation matrix, and the variables in the specified row coordinates and the specified column coordinates in the generation matrix are extracted. Thereafter according to
Figure BDA0002296106680000121
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Wherein r is in the generator matrixA variable in a specified row coordinate and a specified column coordinate.
After the hierarchical parameters and the matrix private key are obtained through the steps, the method is based on
Figure BDA0002296106680000122
Obtaining a combined private key cpk of the first network moment corresponding to the entity identifier Bob Wherein fcc is Bob For the hierarchical parameters, year is the current year private key.
In addition, in order to encrypt and protect the combined private key of the entity, the key application message further includes a symmetric key defined by the entity, and the symmetric key may be used to encrypt a data packet formed by the first network time, the entity identifier, the application serial number and the combined private key, and send the encrypted data packet to the entity.
Through the embodiment, when the entity needs to execute the digital signature, the combined private key is applied to the key center, and the combined private key is generated based on the network moment and is associated with the current annual private key, the matrix private key corresponding to the entity identifier and the layering parameters, so that a multi-layer composite private key structure is formed, only one combined private key is generated at one network moment aiming at the entity identifier, the combined private key is discarded after being used for carrying out the digital signature, and the problem that the quantum exhaustion cannot be avoided by the CPK system in the prior art is solved, so that the quantum exhaustion is meaningless.
Correspondingly, fig. 2 is a schematic flow chart of a CPK key generating method based on time according to an embodiment of the present invention. As shown in fig. 2, the method is applied to an entity, which may be a terminal, a sensor, a phone number, an account number, etc., and the method includes the steps of:
step 201, when digital signature is to be executed, a key application message is sent to a key center, wherein the key application message comprises the entity identifier and an application serial number;
step 202, receiving a combined private key of a first network time, an entity identifier, an application serial number and a first network time corresponding to the entity identifier, which are sent by the key center, wherein the combined private key is associated with a current year private key, a matrix private key corresponding to the entity identifier and a layering parameter;
and 203, discarding the combined private key after performing digital signature by using the combined private key.
In order to encrypt the applied combined private key, the key application message sent by the entity to the key center further includes a symmetric key defined by the entity, when the key center encrypts a data packet containing the first network time, the entity identifier, the application serial number and the combined private key of the first network time corresponding to the entity identifier by using the symmetric key, the entity receives the encrypted data packet and decrypts the data packet by using the symmetric key, thereby obtaining the first network time, the entity identifier, the application serial number and the combined private key of the first network time corresponding to the entity identifier in the data packet.
In addition, since the key center publishes the hash key, the combined public key matrix and the current year public key, when the entity receives the digital signature data packet of another entity, the information and the entity identifier of the other entity and the second network time can be used to obtain the combined public key of the second network time corresponding to the entity identifier of the other entity, so as to verify the digital signature of the combined public key.
Specifically, the entity obtains the hash key, the combined public key matrix and the current year public key published by the key center. When the entity receives a digital signature data packet of another entity, extracting an entity identifier of the other entity and a second network time from the data packet, and performing hash transformation on the second network time and the entity identifier of the other entity by using the hash key to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity, namely according to a Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the other entity 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is the other entityTime2 is the second network time, the precision is microsecond, and Hkey is the hash key. Then, generating rules according to the identifier mapping sequence and preset layering parameters to obtain layering parameters corresponding to the entity identifier of the other entity, namely according to Hash Hkey (w 33 ,…,w 40 )mod 2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the other entity Alice Wherein w is 33 ,…,w 40 An identification mapping sequence w corresponding to the entity identification belonging to the other entity 0 ,w 1 ,w 2 ,…,w 40 . Then, according to the identification mapping sequence, the combined public key matrix and a preset matrix key generation rule, a matrix public key corresponding to the entity identification of the other entity is obtained, namely, according to the identification mapping sequence and the preset matrix key generation rule, w in the identification mapping sequence is extracted from the combined public key matrix 0 The submatrix of the indicated page is used as a generating matrix to map w in the sequence 1 ,…,w 32 As the specified row coordinates in the generator matrix, natural sequences are used as the specified column coordinates in the generator matrix, the variables in the specified row coordinates and the specified column coordinates in the generator matrix are extracted, and then the variables are extracted according to the following steps
Figure BDA0002296106680000141
Obtaining a matrix public key CMB corresponding to the entity identification of the other entity Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix. Then, according to the matrix public key, the layering parameters and the current year public key, a combined public key of the second network moment corresponding to the entity identifier of the other entity is obtained, namely according to +. >
Figure BDA0002296106680000142
Obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the other entity Alice Wherein fcc is Alice Identifying a corresponding hierarchical parameter for the entity of the other entity, wherein YEAR is the current YEARA public key. And finally, extracting the digital signature in the digital signature data packet, and verifying the digital signature by using the combined public key of the second network moment corresponding to the entity identification of the other entity.
Through the embodiment, when the entity is about to execute the digital signature, the application is sent to the key center, the key center generates the combined private key based on the network time, and the entity discards the combined private key after executing the digital signature by using the combined private key, so that the problem that the quantum exhaustion cannot be avoided by the CPK system in the prior art is solved, the quantum exhaustion is meaningless, and the long-term validity of the signature is ensured.
In order to facilitate understanding of the embodiments of the present invention, the key center, the entity Bob and the entity Alice will be described below as examples. Fig. 3 is a schematic flow chart of a CPK key generation method based on time, in which a central public key of a key center may be calculated by any entity, so as to ensure encrypted communication between the entity and the key center, and the method includes the following steps:
Step 301, a key center defines a hash key, a combined private key matrix, a combined public key matrix, a current annual private key and a current annual public key in advance, and publishes the hash key, the combined public key matrix and the current annual public key;
in step 302, when an entity is to perform digital signing, the entity calculates a central public key.
Because the key center has published the hash key, the combined public key matrix and the current year public key, and all entities can know the center identifier Kdc of the key center, the entity needing to execute digital signature only needs to utilize the hash key published by the key center to perform hash transformation on the center identifier and the current network time to obtain the identifier mapping sequence of the key center, such as: according to Map Kdc =Hash Hkey (Kdc//Time)=z 0 ,z 1 ,z 2 ,…,z 40 Obtaining an identification mapping sequence z corresponding to the key center 0 ,z 1 ,z 2 ,…,z 40 Wherein Kdc is the centerThe identification is that the Time is the current network Time, the precision is also in microsecond level, and the Hkey is the hash key.
Then, according to the identification mapping sequence corresponding to the key center and a preset layering parameter generation rule, layering parameters corresponding to the key center are obtained, for example: according to Hash Hkey (z 33 ,…,z 40 )mod2 40 =fcc Kdc Obtaining a layering parameter fcc corresponding to the key center Kdc Wherein z is 33 ,…,z 40 Belonging to an identification mapping sequence z corresponding to the key center 0 ,z 1 ,z 2 ,…,z 40
And obtaining a matrix public key corresponding to the key center according to the identification mapping sequence of the key center, the combined public key matrix and a preset matrix key generation rule. Wherein z in the identifier mapping sequence is extracted from the combined public key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages serve as generator matrices. Mapping z in the identification mapping sequence 1 ,…,z 32 And as the specified row coordinates in the generation matrix, the natural sequence is used as the specified column coordinates in the generation matrix, and the variables in the specified row coordinates and the specified column coordinates in the generation matrix are extracted. Then according to
Figure BDA0002296106680000151
Obtaining a matrix public key CMB of the key center Kdc Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Then, a central public key of the key center is obtained according to the matrix public key, the layering parameters and the current year public key, for example, according to
Figure BDA0002296106680000152
Obtaining a central public key CPK of the key center Kdc Wherein fcc is Kdc And as the layering parameter of the key center, YEAR is the current YEAR public key.
Step 303, the entity encrypts a key application message by using a central public key, and sends the ciphertext and the current network time to a key center, where the key application message includes the entity identifier, an application serial number, and a symmetric key defined by the entity.
The application serial number is used for distinguishing the combined private key applied by each entity, and the entity applies for the combined private key from the key center when the entity needs digital signature, and the application serial number is used for proving the authenticity of the application when the entity applies for the combined private key from the key center. The entity-defined symmetric key is used for encryption when the key center sends the generated combined private key to the entity.
Step 304, the key center generates a center private key of the key center at the current network time by using the current network time, the center identifier, the hash key, the combined private key matrix and the current year private key.
Specifically, the key center uses a hash key to hash the current network time and the center identifier to obtain an identifier mapping sequence corresponding to the key center, for example, according to a Map Kdc =Hash Hkey (Kdc//Time)=z 0 ,z 1 ,z 2 ,…,z 40 Obtaining an identification mapping sequence z corresponding to the key center 0 ,z 1 ,z 2 ,…,z 40 Wherein Kdc is the center identifier, time is the current network Time, the precision is microsecond, and Hkey is the hash key.
Then, according to the identification mapping sequence corresponding to the key center and a preset layering parameter generation rule, layering parameters corresponding to the key center are obtained, for example: according to Hash Hkey (z 33 ,…,z 40 )mod2 40 =fcc Kdc Obtaining a layering parameter fcc corresponding to the key center Kdc Wherein z is 33 ,…,z 40 Belonging to an identification mapping sequence z corresponding to the key center 0 ,z 1 ,z 2 ,…,z 40
Then, according to the identification mapping sequence of the key center and the combinationAnd obtaining a matrix private key corresponding to the key center by the private key matrix and a preset matrix key generation rule. Wherein z in the identifier mapping sequence is extracted from the combined private key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages serve as generator matrices. Mapping z in the identification mapping sequence 1 ,…,z 32 And as the specified row coordinates in the generation matrix, the natural sequence is used as the specified column coordinates in the generation matrix, and the variables in the specified row coordinates and the specified column coordinates in the generation matrix are extracted. Then according to
Figure BDA0002296106680000161
Obtaining a matrix private key cmb of the key center Kdc Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Then, according to the matrix private key, the layering parameters and the current annual private key, the central private key of the current network moment corresponding to the key center is obtained, for example, according to the following steps
Figure BDA0002296106680000171
Obtaining a central private key cpk of the current network time of the key center Kdc Wherein fcc is Kdc For the hierarchical parameters, year is the current year private key.
Step 305, the key center decrypts the key application message by using the center private key, extracts the entity identifier from the key application message, uses the current network time as the first network time, and uses the hash key to hash the first network time and the entity identifier to obtain the identifier mapping sequence of the first network time corresponding to the entity identifier.
Taking entity Bob as an example to apply for the combined private key, according to Map Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Where Bob identifies the entity, time1 is the first network time, including year, month, day, and microsecond (parts per million second), i.e., with an accuracy on the order of microseconds. The first network time is the network time for generating the identifier mapping sequence, that is, each time the entity applies for the combined private key, there is a unique correspondence between the first network time and the first network time. The network time corresponding to the combined private key applied by the same entity cannot be the same.
Mapping sequence v for the resulting identity 0 ,v 1 ,v 2 ,…,v 40 Generating rules according to preset layering parameters, and mapping v in a sequence by identification 33 ,…,v 40 Generating the hierarchical parameters via a hash transformation, wherein v 33 ,…,v 40 Is 8 bits long. According to a preset matrix key generation rule, mapping v in the sequence by the identifier 0 Pages indicating a combined private key matrix to be subsequently used in generating matrix private keys, i.e. v 0 The submatrices of the indicated pages generate a generator matrix of a generator matrix private key, where v 0 Is 8 bits long. Mapping v in sequence by identity 1 ,…,v 32 As the specified row coordinates in the generator matrix, a natural order is used as the specified column coordinates in the generator matrix, so that the variables in the specified row coordinates and the specified column coordinates in the generator matrix can be extracted, and a matrix private key is generated by the variables, wherein v 1 ,…,v 32 Is 8 bits long.
And 306, generating rules according to the identifier mapping sequence and preset layering parameters to obtain layering parameters corresponding to the entity identifiers.
Wherein according to Hash Hkey (v 33 ,…,v 40 )mod 2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob
Step 307, obtaining the matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule.
Specifically, according to the identifier mapping sequence and a preset matrix key generation ruleExtracting v in the identity mapping sequence in the combined private key matrix 0 The submatrices of the indicated pages serve as generator matrices. Then, v in the identification mapping sequence 1 ,…,v 32 And as the specified row coordinates in the generation matrix, the natural sequence is used as the specified column coordinates in the generation matrix, and the variables in the specified row coordinates and the specified column coordinates in the generation matrix are extracted. Thereafter according to
Figure BDA0002296106680000181
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Step 308, obtaining a combined private key of the first network time corresponding to the entity identifier according to the matrix private key, the layering parameters and the current annual private key.
Wherein according to
Figure BDA0002296106680000182
Obtaining a combined private key cpk of the first network moment corresponding to the entity identifier Bob Wherein year is the current year private key.
Step 309, the key center generates a central private key at the current moment again, signs the data packet formed by the first network moment, the entity identifier, the application serial number and the combined private key by using the central private key at the current moment, encrypts the data packet and the signature code by using the symmetric key defined by the entity, and obtains the encrypted ciphertext.
Wherein reference may be made to step 304 above, whereby the key center again generates the center private key at the current time.
Step 310, the encrypted ciphertext and the current moment are sent to an entity;
step 311, the entity receives the encrypted ciphertext and decrypts the ciphertext by using the symmetric key defined by the entity to obtain a data packet and a signature code;
step 312, verifying the authenticity of the signature code by using the central public key at the current moment, when the verification is true, executing step 313, and when the verification is not true, returning to step 302 to reapply the combined private key.
Wherein the entity may generate a central public key for the current time with reference to step 302 described above.
Step 313, the entity obtains a first network time, an entity identifier, an application serial number and a combined private key of the first network time corresponding to the entity identifier in the data packet, wherein the combined private key is associated with a current year private key, a matrix private key corresponding to the entity identifier and a layering parameter;
in step 314, the entity discards the combined private key after digitally signing with the combined private key.
Wherein a random number k is selected and kG= (x) is obtained 1 ,y 1 ) C= (x) 1 +y 1 ) 2 mod 2 40 Still taking entity Bob as an example, the digital signature for data h is s=k -1 (h+c*cpk Bob )mod n,SIG Bob = (s, c) =sign. Wherein SIG is a signature function, s is a signature code, and c is a verification code.
Steps 302-314 are the process of applying the combined private key to the key center and obtaining the combined private key for digital signature, taking entity Bob as an example. The process of applying the combined private key from the key center by the entity Alice is similar to the above steps, as long as the entity identifier of the entity Bob is replaced by the entity identifier of the entity Alice when the identifier mapping sequence is generated. The combined private key used for the digital signature is invalidated after being used once, and an entity is not required to store the combined private key, so that the security burden of the entity is greatly reduced.
Step 315, entity Bob obtains the combined public key matrix, the current year public key and the hash key published by the key center;
in step 316, when the entity Bob receives the digital signature data packet sent by the entity Alice, the entity identifier of the entity Alice and the second network time are extracted from the data packet.
The second network time is a network time in an identification mapping sequence used by a key center in generating a combined private key of the entity Alice. The digital signature data packet includes a digital signature, transmitted data, an entity identification, and a second network time.
In step 317, the entity Bob uses the hash key to hash the second network time and the entity identifier of the entity Alice to obtain an identifier mapping sequence corresponding to the entity identifier of the entity Alice.
Wherein, according to Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the entity Alice 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is an entity identifier of the entity Alice, time2 is a second network time, and the accuracy is microsecond.
And step 318, generating a rule according to the identification mapping sequence of the entity Alice and a preset layering parameter to obtain the layering parameter corresponding to the entity identification of the entity Alice.
Wherein according to Hash Hkey (w 33 ,…,w 40 )mod 2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the entity Alice Alice Wherein w is 33 ,…,w 40 An identification mapping sequence w corresponding to the entity identification belonging to the entity Alice 0 ,w 1 ,w 2 ,…,w 40
Step 319, obtaining a matrix public key corresponding to the entity identifier of the entity Alice according to the identifier mapping sequence of the entity Alice, the combined public key matrix and a preset matrix key generation rule.
Wherein w in the identification mapping sequence is extracted from the combined public key matrix according to the identification mapping sequence and a preset matrix key generation rule 0 The submatrix of the indicated page is used as a generator matrix, and w in the identification mapping sequence is then used as a generator matrix 1 ,…,w 32 And as the specified row coordinates in the generation matrix, the natural sequence is used as the specified column coordinates in the generation matrix, and the variables in the specified row coordinates and the specified column coordinates in the generation matrix are extracted. Thereafter according to
Figure BDA0002296106680000201
Obtaining a matrix public key CMB corresponding to the entity identifier of the entity Alice Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Step 320, obtaining the combined public key of the second network time corresponding to the entity identifier of the entity Alice according to the matrix public key, the layering parameters and the current year public key.
Wherein according to
Figure BDA0002296106680000202
Obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the entity Alice Alice Wherein YEAR is the current YEAR public key.
In step 321, the entity Bob verifies the digital signature by using the combined public key of the second network time corresponding to the entity identifier of the entity Alice.
Wherein, the digital signature of the data h is sign= (s, c), then the digital signature is obtained by s -1 hG+s -1 c*CPK Alice =(x 1 ,y 1 ) To obtain c' = (x) 1 +y 1 ) 2 mod 2 m Then verify if c is equal to c', and if so verify as true.
The implementation of the invention is highly dependent on network communication, network time and automation processing. The key center for generating the private key belongs to special equipment and is arranged at a server side. In the embodiment of the invention, the public and private keys change along with the change of the network time based on the time key system, so that the quantum exhaustion can not keep pace with the change. When digital signature is carried out, the combined private key is used once and is used up for being used up, so that quantum exhaustion is lost. The long-term validity of the signature is guaranteed, and even if the combined private key is cracked, only the obsolete combined private key can be cracked, and damage is avoided.
At present, the traditional Internet is to be upgraded into IPv6, but traceability is still not proved, the construction of the industrial Internet mainly comprising a sensing signal and a remote control signal is started, 5G communication is to be opened, unmanned, remote medical treatment, remote payment and the like are being formed, and a public key system with large enough variation, short and fast signature and capability of preventing quantum exhaustion is urgently needed. The invention implements the time-based identification public key system, has large variation, can allocate private keys for any scale of identification, including all IP addresses (10 x 38), all account numbers (10 x 22), and the like, and meets the requirement of the Internet of things. When the key length adopts 256 bits, the signature length is 37B, the signature speed is 40-50 k times per second, and the method is suitable for 5G communication. The annual key provided by the embodiment of the invention can be applied to the traditional communication field and transaction field, can be applied to the identification of the entity by the Internet of things, has good feasibility, is practical and available, is prepared for future use, and ensures the long-term life cycle of the annual key.
Correspondingly, fig. 4 is a schematic structural diagram of a CPK key generating apparatus based on time according to an embodiment of the present invention. As shown in fig. 4, the apparatus is applied to a key center, and the apparatus 40 includes: a receiving unit 41, configured to receive a key application message of an entity, where the key application message includes the entity identifier and an application serial number; the first processing unit 42 is configured to take a current network time as a first network time, and perform hash transformation on the first network time and the entity identifier by using a hash key to obtain an identifier mapping sequence corresponding to the entity identifier; a second processing unit 43, configured to obtain a layering parameter corresponding to the entity identifier according to the identifier mapping sequence and a preset layering parameter generation rule; a third processing unit 44, configured to define a combined private key matrix and a combined public key matrix, and obtain a matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix, and a preset matrix key generation rule; a fourth processing unit 45, configured to define a current year private key and a current year public key, and obtain a combined private key of the first network time corresponding to the entity identifier according to the matrix private key, the hierarchical parameter, and the current year private key; a sending unit 46, configured to send the first network time, the entity identifier, the application serial number, and the combined private key to the entity, so that the entity discards the combined private key after performing digital signature by using the combined private key; a publishing unit 47 for publishing the hash key, the combined public key matrix and the current year public key.
Further, the first processing unit is further configured to, according to Map Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Wherein Bob is the entity identifier, time1 is the first network time, the precision is microsecond, and Hkey is the hash key.
Further, the second processing unit is further configured to perform a Hash processing according to the Hash Hkey (v 33 ,…,v 40 )mod2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob Wherein v is 33 ,…,v 40 Belonging to an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40
Further, the combined private key matrix and the combined public key matrix are respectively composed of 32 pages of submatrices, and the submatrices of each page are 256×32 in size.
Further, the third processing unit is further configured to extract v in the identifier mapping sequence from the combined private key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices; mapping v in the identification mapping sequence 1 ,…,v 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure BDA0002296106680000221
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Further, the fourth processing unit is further configured to perform a processing according to cpk Bob =(cmb Bob *fcc Bob + year) mod n to obtain a combined private key cpk of the first network time corresponding to the entity identifier Bob Wherein, cmb Bob Fcc is the matrix private key Bob For the hierarchical parameters, year is the current year private key.
Further, the key application message further includes an entity-defined symmetric key, and the sending unit is further configured to encrypt a data packet formed by the first network time, the entity identifier, the application serial number, and the combined private key by using the symmetric key, and send the encrypted data packet to the entity.
The operation process of the device refers to the implementation process of the CPK key generation method based on time, which is applied to the key center.
Correspondingly, fig. 5 is a schematic structural diagram of a CPK key generating apparatus based on time according to an embodiment of the present invention. As shown in fig. 5, the apparatus is applied to an entity, and the apparatus 50 includes: a sending unit 51, configured to send a key application message to a key center when digital signature is to be performed, where the key application message includes the entity identifier and an application serial number; a receiving unit 52, configured to receive a combined private key of a first network time sent by the key center, an entity identifier, an application serial number, and a first network time corresponding to the entity identifier, where the combined private key is associated with a current year private key, a matrix private key corresponding to the entity identifier, and a layering parameter; the signature processing unit 53 is configured to discard the combined private key after performing digital signature by using the combined private key.
Further, the key application message further includes an entity-defined symmetric key, and the receiving unit is further configured to receive the encrypted data packet, decrypt the data packet using the symmetric key, and obtain a combined private key of a first network time, an entity identifier, an application serial number, and the first network time corresponding to the entity identifier in the data packet.
Further, as shown in fig. 6, the apparatus further includes: an obtaining unit 54, configured to obtain the hash key, the combined public key matrix, and the current year public key published by the key center; the receiving unit is also used for receiving a digital signature data packet sent by another entity; an extracting unit 55, configured to extract an entity identifier of the other entity and a second network time from the data packet; a hash conversion unit 56, configured to perform hash conversion on the second network time and the entity identifier of the other entity by using the hash key, to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity; a first generating unit 57, configured to obtain a layering parameter corresponding to an entity identifier of the other entity according to the identifier mapping sequence and a preset layering parameter generating rule; a second generating unit 58, configured to obtain a matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix, and a preset matrix key generating rule; a third generating unit 59, configured to obtain, according to the matrix public key, the layering parameter, and the current year public key, a combined public key of the second network time corresponding to the entity identifier of the other entity; and the verification unit 60 is configured to extract a digital signature in the digital signature data packet, and verify the digital signature by using a combined public key of the second network time corresponding to the entity identifier of the other entity.
Further, the hash transformation unit is further configured to perform a hash transformation according to Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the other entity 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is an entity identifier of the other entity, time2 is a second network time, the precision of which is microsecond, and Hkey is the hash key.
Further, the first generating unit is further configured to perform a Hash algorithm Hkey (w 33 ,…,w 40 )mod2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the other entity Alice Wherein w is 33 ,…,w 40 Belonging to the saidIdentification mapping sequence w corresponding to entity identification of another entity 0 ,w 1 ,w 2 ,…,w 40
Further, the second generating unit is further configured to extract w in the identifier mapping sequence from the combined public key matrix according to the identifier mapping sequence and a preset matrix key generating rule 0 The submatrices of the indicated pages as generator matrices; mapping w in the identification mapping sequence 1 ,…,w 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure BDA0002296106680000241
Obtaining a matrix public key CMB corresponding to the entity identification of the other entity Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix.
Further, the third generating unit is further configured to generate, according to the CPK Alice =CMB Alice *fcc Alice + YEAR, obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the other entity Alice Wherein the CMB Alice Identifying a corresponding matrix public key, fcc, for an entity of the other entity Alice And identifying a corresponding layering parameter for the entity of the other entity, wherein YEAR is the current YEAR public key.
The operation process of the device refers to the implementation process of the CPK key generation method based on time, which is applied to the entity.
Correspondingly, the embodiment of the invention also provides a key center, which is used for executing the CPK key generation method based on time, which is applied to the key center and is described in the embodiment.
Correspondingly, the embodiment of the invention also provides an entity for executing the CPK key generation method applied to the entity based on time as described in the embodiment.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of electronic devices and the like are merely illustrative, wherein the elements described as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing an electronic device (which may be a personal computer, a server, or a network device, etc.) to perform the embodiments or the methods described in some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. A time-of-day based CPK key generation method, wherein the method is applied to a key center, the method comprising:
receiving a key application message of an entity, wherein the key application message comprises the entity identifier and an application serial number;
taking the current network time as a first network time, carrying out hash transformation on the first network time and the entity identifier by utilizing a hash key to obtain an identifier mapping sequence corresponding to the entity identifier, and publishing the hash key;
obtaining layering parameters corresponding to the entity identifiers according to the identifier mapping sequence and a preset layering parameter generation rule;
Defining a combined private key matrix and a combined public key matrix, obtaining a matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule, and publishing the combined public key matrix;
defining a current annual private key and a current annual public key, obtaining a combined private key of the first network moment corresponding to the entity identifier according to the matrix private key, the layering parameter and the current annual private key, sending the first network moment, the entity identifier, the application serial number and the combined private key to the entity and publishing the current annual public key so that the entity can discard the combined private key after digitally signing by using the combined private key,
the hash key is utilized to carry out hash transformation on the first network time and the entity identifier, and the identification mapping sequence corresponding to the entity identifier is obtained, which comprises the following steps:
according to Map Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Wherein Bob is the entity identifier, time1 is the first network time, the precision is microsecond, and Hkey isThe hash key is used to store a hash key,
the combined private key matrix and the combined public key matrix are respectively composed of 32 pages of submatrices, the submatrices of each page have the size of 256 x 32,
The obtaining the matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule comprises:
extracting v in the identification mapping sequence from the combined private key matrix according to the identification mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices;
mapping v in the identification mapping sequence 1 ,…,v 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted;
according to
Figure FDA0004159757940000021
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix,
the obtaining the combined private key of the first network time corresponding to the entity identifier according to the matrix private key, the layering parameters and the current annual private key comprises the following steps:
according to cpk Bob =(cmb Bob *fcc Bob + year) mod n to obtain a combined private key cpk of the first network time corresponding to the entity identifier Bob Wherein, cmb Bob Fcc is the matrix private key Bob For the hierarchical parameters, year is the current year private key.
2. The time-based CPK key generation method according to claim 1, wherein said obtaining the hierarchical parameters corresponding to the entity identifier according to the identifier mapping sequence and a preset hierarchical parameter generation rule includes:
according to Hash Hkey (v 33 ,…,v 40 )mod 2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob Wherein v is 33 ,…,v 40 Belonging to an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40
3. The time-based CPK key generation method according to claim 1, wherein said key application message further includes an entity-defined symmetric key, and said sending said first network time, entity identification, application serial number, and combined private key to said entity comprises:
and encrypting the data packet consisting of the first network moment, the entity identifier, the application serial number and the combined private key by using the symmetric key, and sending the encrypted data packet to the entity.
4. A method for generating a CPK key based on time of day, the method being applied to an entity, the method comprising:
when digital signature is to be executed, a key application message is sent to a key center, wherein the key application message comprises the entity identifier and an application serial number;
Receiving a first network time, an entity identifier, an application serial number and a combined private key of the first network time corresponding to the entity identifier, which are sent by the key center, wherein the combined private key is associated with a current annual private key, a matrix private key corresponding to the entity identifier and a layering parameter;
discarding the combined private key after performing digital signature by using the combined private key;
acquiring a hash key, a combined public key matrix and a current year public key which are published by the key center;
when a digital signature data packet of another entity is received, extracting an entity identifier of the other entity and a second network time from the data packet;
performing hash transformation on the second network time and the entity identifier of the other entity by using the hash key to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity;
obtaining layering parameters corresponding to the entity identification of the other entity according to the identification mapping sequence and a preset layering parameter generation rule;
obtaining a matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix and a preset matrix key generation rule;
Obtaining a combined public key of the second network moment corresponding to the entity identifier of the other entity according to the matrix public key, the layering parameters and the current year public key;
extracting a digital signature from the digital signature data packet, verifying the digital signature by using a combined public key of the second network moment corresponding to the entity identification of the other entity,
the hash key is utilized to perform hash transformation on the second network time and the entity identifier of the other entity, and the obtaining of the identifier mapping sequence corresponding to the entity identifier of the other entity includes:
according to Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the other entity 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is an entity identifier of the other entity, time2 is a second network time, the precision is microsecond, hkey is the hash key,
the obtaining the matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix and a preset matrix key generation rule includes:
extracting w in the identification mapping sequence from the combined public key matrix according to the identification mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices;
mapping w in the identification mapping sequence 1 ,…,w 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted;
according to
Figure FDA0004159757940000041
Obtaining a matrix public key CMB corresponding to the entity identification of the other entity Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix,
the obtaining the combined public key of the second network time corresponding to the entity identifier of the other entity according to the matrix public key, the layering parameters and the current year public key includes:
according to CPK Alice =CMB Alice *fcc Alice + YEAR, obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the other entity Alice Wherein the CMB Alice Identifying a corresponding matrix public key, fcc, for an entity of the other entity Alice And identifying a corresponding layering parameter for the entity of the other entity, wherein YEAR is the current YEAR public key.
5. The time-based CPK key generation method according to claim 4, wherein said key application message further includes an entity-defined symmetric key, and said receiving a combined private key of a first network time, an entity identifier, an application serial number, and a first network time corresponding to said entity identifier, sent by said key center includes:
And receiving the encrypted data packet, and decrypting the data packet by using the symmetric key to obtain a combined private key of a first network time, an entity identifier, an application serial number and the first network time corresponding to the entity identifier in the data packet.
6. The time-based CPK key generation method according to claim 4, wherein said obtaining, according to the identifier mapping sequence and a preset hierarchical parameter generation rule, a hierarchical parameter corresponding to an entity identifier of the other entity includes:
according to Hash Hkey (w 33 ,…,w 40 )mod 2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the other entity Alice Wherein w is 33 ,…,w 40 An identification mapping sequence w corresponding to the entity identification belonging to the other entity 0 ,w 1 ,w 2 ,…,w 40
7. A CPK key generating apparatus based on time of day, the apparatus being applied to a key center, the apparatus comprising:
the receiving unit is used for receiving a key application message of an entity, wherein the key application message comprises the entity identifier and an application serial number;
the first processing unit is used for taking the current network time as a first network time, and carrying out hash transformation on the first network time and the entity identifier by utilizing a hash key to obtain an identifier mapping sequence corresponding to the entity identifier;
The second processing unit is used for generating rules according to the identifier mapping sequence and preset layering parameters to obtain layering parameters corresponding to the entity identifiers;
the third processing unit is used for defining a combined private key matrix and a combined public key matrix, and obtaining a matrix private key corresponding to the entity identifier according to the identifier mapping sequence, the combined private key matrix and a preset matrix key generation rule;
the fourth processing unit is used for defining a current annual private key and a current annual public key, and obtaining a combined private key of the first network moment corresponding to the entity identifier according to the matrix private key, the layering parameters and the current annual private key;
the sending unit is used for sending the first network moment, the entity identifier, the application serial number and the combined private key to the entity so that the entity can discard the combined private key after carrying out digital signature by using the combined private key;
a publishing unit configured to publish the hash key, the combined public key matrix, and the current year public key,
the first processing unit is further configured to perform mapping Bob =Hash Hkey (Bob//time1)=v 0 ,v 1 ,v 2 ,…,v 40 Obtaining an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40 Wherein Bob is the entity identifier, time1 is the first network time, the precision is microsecond, hkey is the hash key,
The combined private key matrix and the combined public key matrix are respectively composed of 32 pages of submatrices, the submatrices of each page have the size of 256 x 32,
the third processing unit is further configured to extract v in the identifier mapping sequence from the combined private key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices; mapping v in the identification mapping sequence 1 ,…,v 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure FDA0004159757940000061
Obtaining a matrix private key cmb corresponding to the entity identifier Bob Where r is a variable in a specified row coordinate and a specified column coordinate in the generator matrix,
the fourth processing unit is also used for processing the wastewater according to cpk Bob =(cmb Bob *fcc Bob + year) mod n to obtain a combined private key cpk of the first network time corresponding to the entity identifier Bob Wherein, cmb Bob Fcc is the matrix private key Bob For the hierarchical parameters, year is the current year private key.
8. The time-based CPK key generating apparatus according to claim 7, whereinThe second processing unit is further configured to perform a Hash processing according to the Hash Hkey (v 33 ,…,v 40 )mod 2 40 =fcc Bob Obtaining a layering parameter fcc corresponding to the entity identifier Bob Wherein v is 33 ,…,v 40 Belonging to an identification mapping sequence v corresponding to the entity identification 0 ,v 1 ,v 2 ,…,v 40
9. The CPK key generating apparatus according to claim 7, wherein the key application message further includes an entity-defined symmetric key, and the transmitting unit is further configured to encrypt a data packet composed of the first network time, the entity identifier, the application serial number, and the combined private key by using the symmetric key, and transmit the encrypted data packet to the entity.
10. A CPK key generation apparatus based on time of day, said apparatus being applied to an entity, said apparatus comprising:
a sending unit, configured to send a key application message to a key center when a digital signature is to be executed, where the key application message includes the entity identifier and an application serial number;
the receiving unit is used for receiving a combined private key of the first network time, the entity identifier, the application serial number and the first network time corresponding to the entity identifier, which are sent by the key center, wherein the combined private key is associated with the current annual private key, the matrix private key corresponding to the entity identifier and the layering parameter;
The signature processing unit is used for discarding the combined private key after carrying out digital signature by utilizing the combined private key;
the acquisition unit is used for acquiring the hash key, the combined public key matrix and the current year public key published by the key center;
the receiving unit is also used for receiving a digital signature data packet sent by another entity;
an extracting unit, configured to extract an entity identifier of the other entity and a second network time from the data packet;
the hash conversion unit is used for carrying out hash conversion on the second network time and the entity identifier of the other entity by utilizing the hash key to obtain an identifier mapping sequence corresponding to the entity identifier of the other entity;
the first generation unit is used for obtaining layering parameters corresponding to the entity identifier of the other entity according to the identifier mapping sequence and a preset layering parameter generation rule;
the second generating unit is used for obtaining a matrix public key corresponding to the entity identifier of the other entity according to the identifier mapping sequence, the combined public key matrix and a preset matrix key generating rule;
a third generating unit, configured to obtain, according to the matrix public key, the layering parameter, and the current year public key, a combined public key of the second network time corresponding to the entity identifier of the other entity;
A verification unit, configured to extract a digital signature in the digital signature packet, and verify the digital signature by using a combined public key of the second network time corresponding to the entity identifier of the other entity,
the second generating unit is further configured to extract w in the identifier mapping sequence from the combined public key matrix according to the identifier mapping sequence and a preset matrix key generation rule 0 The submatrices of the indicated pages as generator matrices; mapping w in the identification mapping sequence 1 ,…,w 32 As the appointed row coordinates in the generation matrix, natural sequences are used as the appointed column coordinates in the generation matrix, and variables in the appointed row coordinates and the appointed column coordinates in the generation matrix are extracted; according to
Figure FDA0004159757940000081
Obtaining a matrix public key CMB corresponding to the entity identification of the other entity Alice Wherein R is a variable in a specified row coordinate and a specified column coordinate in the generator matrix,
the third generation unit is also used for generating a third generation unit according to CPK Alice =CMB Alice *fcc Alice + YEAR, obtaining a combined public key CPK of the second network moment corresponding to the entity identifier of the other entity Alice Wherein the CMB Alice Identifying a corresponding matrix public key, fcc, for an entity of the other entity Alice And identifying a corresponding layering parameter for the entity of the other entity, wherein YEAR is the current YEAR public key.
11. The CPK key generating apparatus according to claim 10, wherein the key application message further includes an entity-defined symmetric key, and the receiving unit is further configured to receive an encrypted data packet, and decrypt the data packet using the symmetric key, to obtain a combined private key of a first network time, an entity identifier, an application serial number, and the first network time corresponding to the entity identifier in the data packet.
12. The time-based CPK key generating apparatus according to claim 10, wherein said hash transformation unit is further configured to generate a key according to Map Alice =Hash Hkey (Alice//time2)=w 0 ,w 1 ,w 2 ,…,w 40 Obtaining an identification mapping sequence w corresponding to the entity identification of the other entity 0 ,w 1 ,w 2 ,…,w 40 Wherein Alice is an entity identifier of the other entity, time2 is a second network time, the precision of which is microsecond, and Hkey is the hash key.
13. The time-based CPK key generating apparatus according to claim 10, wherein said first generating unit is further configured to generate a time-based CPK key according to Hash Hkey (w 33 ,…,w 40 )mod 2 40 =fcc Alice Obtaining a layering parameter fcc corresponding to the entity identifier of the other entity Alice Wherein w is 33 ,…,w 40 An identification mapping sequence w corresponding to the entity identification belonging to the other entity 0 ,w 1 ,w 2 ,…,w 40
14. A key center, characterized in that the key center comprises the time-based CPK key generating apparatus as claimed in any one of claims 7 to 9.
15. An entity, characterized in that it comprises the time-of-day-based CPK key generating apparatus as claimed in any one of claims 10-13.
CN201911201979.8A 2019-11-29 2019-11-29 CPK key generation method, device, entity and key center based on time Active CN110830237B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911201979.8A CN110830237B (en) 2019-11-29 2019-11-29 CPK key generation method, device, entity and key center based on time

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911201979.8A CN110830237B (en) 2019-11-29 2019-11-29 CPK key generation method, device, entity and key center based on time

Publications (2)

Publication Number Publication Date
CN110830237A CN110830237A (en) 2020-02-21
CN110830237B true CN110830237B (en) 2023-05-12

Family

ID=69541920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911201979.8A Active CN110830237B (en) 2019-11-29 2019-11-29 CPK key generation method, device, entity and key center based on time

Country Status (1)

Country Link
CN (1) CN110830237B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111682937B (en) * 2020-06-08 2023-07-25 晋商博创(北京)科技有限公司 Method and device for applying and distributing key of enhanced CPK
CN113206739B (en) * 2021-05-21 2023-05-12 晋商博创(北京)科技有限公司 Key generation method, device and storage medium for combined public key CPK
CN113572594A (en) * 2021-07-26 2021-10-29 晋商博创(北京)科技有限公司 CPK key generation method, device, entity and key center

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007134532A1 (en) * 2006-05-22 2007-11-29 Beijing E-Henxen Authentication Technologies Co., Ltd. A creditable authentication system based on the cpk
CN104901930A (en) * 2014-04-21 2015-09-09 孟俊 Traceable network behavior management method based on CPK identity authentication
CN105024824A (en) * 2014-11-05 2015-11-04 祝国龙 Method for generating and verifying credible label based on asymmetrical encryption algorithm and system
CN108777619A (en) * 2018-05-08 2018-11-09 晋商博创(北京)科技有限公司 CPK systems based on mark and key management method, device, server and terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007134532A1 (en) * 2006-05-22 2007-11-29 Beijing E-Henxen Authentication Technologies Co., Ltd. A creditable authentication system based on the cpk
CN104901930A (en) * 2014-04-21 2015-09-09 孟俊 Traceable network behavior management method based on CPK identity authentication
CN105024824A (en) * 2014-11-05 2015-11-04 祝国龙 Method for generating and verifying credible label based on asymmetrical encryption algorithm and system
CN108777619A (en) * 2018-05-08 2018-11-09 晋商博创(北京)科技有限公司 CPK systems based on mark and key management method, device, server and terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
南相浩 ; 陈华平 ; .组合公钥(CPK)体制标准.信息安全与通信保密.(第08期),全文. *

Also Published As

Publication number Publication date
CN110830237A (en) 2020-02-21

Similar Documents

Publication Publication Date Title
CN110830237B (en) CPK key generation method, device, entity and key center based on time
CN103490901B (en) Key based on combination key system generates and distribution method
CN114730420A (en) System and method for generating signatures
CA2754268C (en) Split key secure access system
CN112543187B (en) Industrial Internet of things safety data sharing method based on edge block chain
CN106487506B (en) Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption
CN107425971B (en) Certificateless data encryption/decryption method and device and terminal
CN106603246A (en) SM2 digital signature segmentation generation method and system
KR20110140122A (en) Methods for producing products which contain certificates and keys
CN111541666B (en) Certificateless cloud end data integrity auditing method with privacy protection function
CN110635912B (en) Data processing method and device
CN110247759A (en) A kind of SM9 private key generates and application method and system
CN109687977A (en) Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys
CN111404952A (en) Transformer substation data encryption transmission method and device, computer equipment and storage medium
Hahn et al. Trustworthy delegation toward securing mobile healthcare cyber-physical systems
Simmons Secure communications and asymmetric cryptosystems
CN104734847B (en) Towards the shared symmetric key data encryption and decryption method of public key cryptography application
CN107104793A (en) A kind of digital signature generation method and system
CN109962783A (en) SM9 digital signature collaboration generation method and system based on progressive calculating
CN111010273B (en) Attribute-based encryption and decryption method and system based on position decryption
CN114362912A (en) Identification password generation method based on distributed key center, electronic device and medium
CN116055177A (en) Lightweight authentication and key negotiation method suitable for Internet of things equipment
CN113206739B (en) Key generation method, device and storage medium for combined public key CPK
CN112950356B (en) Personal loan processing method, system, equipment and medium based on digital identity
CN114513316B (en) Anonymous authentication method based on identity, server and user terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant